gcleaner | 0ae16b8884f5fe300e1f2a83e2803707e13237cadc27c2e0767581ee939e4b93 | Triage

Sharing

General

Target

0ae16b8884f5fe300e1f2a83e2803707e13237cadc27c2e0767581ee939e4b93N
Size

370KB
Sample

241006-s85syswekb
MD5

c4b48605c56217105e784a22fa2ce930
SHA1

ae0136a463272f6c55355cd0fefb9f055f764bd3
SHA256

0ae16b8884f5fe300e1f2a83e2803707e13237cadc27c2e0767581ee939e4b93
SHA512

d380245bfd74d368b5d79ccf244802f8eb0ebeb701a682600abb4e12ac8e3e301b259252ba9d14c21349ec6c0e56481b8b1be75bf0f5ce7a979cda657144eca9
SSDEEP

6144:WXjgZtaABI2ZLkfVyx5B+0H9iPVVnGIq+ZriCGYgwPtJgrHDCgTW:yGa0I2xwQP+0diNVnGd+ZcVw1JujCw

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

- Target
  
  0ae16b8884f5fe300e1f2a83e2803707e13237cadc27c2e0767581ee939e4b93N
- Size
  
  370KB
- MD5
  
  c4b48605c56217105e784a22fa2ce930
- SHA1
  
  ae0136a463272f6c55355cd0fefb9f055f764bd3
- SHA256
  
  0ae16b8884f5fe300e1f2a83e2803707e13237cadc27c2e0767581ee939e4b93
- SHA512
  
  d380245bfd74d368b5d79ccf244802f8eb0ebeb701a682600abb4e12ac8e3e301b259252ba9d14c21349ec6c0e56481b8b1be75bf0f5ce7a979cda657144eca9
- SSDEEP
  
  6144:WXjgZtaABI2ZLkfVyx5B+0H9iPVVnGIq+ZriCGYgwPtJgrHDCgTW:yGa0I2xwQP+0diNVnGd+ZcVw1JujCw
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader